The Directive states that “in light of modern advances”, it is important “for reasons of clarity and rationality” to “apply uniform rules that are as strict as possible”. Indeed, the regulatory regime established by the Directive is of considerable rigour: it contains detailed registration, disclosure and marketing requirements. We are, of course, referring to the EU Potatoes Directive (2002/56/EC). When it comes, however, to initial coin offerings (“ICOs”) of cryptographically encoded digital “tokens” to retail investors via distributed ledger technology – almost anything goes! At least, that appeared to be the case until recently, when a multitude of EU regulators issued warnings and statements on the application of EU regulations to ICOs.

In this post, we seek to decipher some of those statements and offer some practical observations to determine how EU securities laws might (or might not) apply to ICOs.

For background on ICOs, click here.

ESMA’s approach

In November 2017, ESMA (the EU’s supranational securities regulator) released a short regulatory statement exploring the potential regulatory risks that persons involved in ICOs may face. The statement notes that the digital tokens issued in ICOs vary considerably in their properties but that, at least in some instances, ICOs may be subject to existing EU regulations, such as the following:

  • The Prospectus Directive. An ICO of tokens falling within the definition of “transferable securities”[i] may trigger requirements to publish an approved prospectus compliant with the Prospectus Directive.
  • The Second Markets in Financial Instruments Directive. MiFID II’s conduct of business, transparency and organizational rules could apply to the creation, distribution and trading of tokens where they can be classified as “financial instruments” (see below).
  • Alternative Investment Fund Managers Directive. AIFMD’s capital, organizational, operational and transparency requirements may apply to ICOs where they are in effect collective investments structured around a “defined investment policy”.
  • Compliance rules. The fight against money laundering and terrorist financing may require participation in ICOs to be subject to customer due diligence, along with record-keeping and reporting requirements.

ESMA’s statement appears to be laying down a marker. It shows that ESMA is aware of ICOs and is monitoring the market’s development, without going beyond a restatement of existing law. It seems likely that this is a stop-gap pending further regulatory action:

  • ICOs do not fall easily within the existing EU securities law framework. To take just a few examples:
    • The Prospectus Directive’s content schedules and “building blocks” are categorized by reference to conventional securities concepts such as debt, equity, derivatives, depositary receipts, etc. It is not clear which of the schedules and building blocks would apply to digital tokens, given their varied characteristics.
    • Many tokens incorporate smart contracts – self-executing computer protocols that automatically register transactions using distributed ledger technology according to a script written in a programming language. Whereas a regulator reviewing a conventional securities prospectus may simply read the terms and conditions of the securities to understand the rights attaching to them, the same may not be true of tokens – a high degree of computer literacy may be necessary.
    • The competent authority tasked with approving the prospectus is determined under the Prospectus Directive by reference to the issuer’s home member state. The internet-based, often stateless nature of ICO token issuers makes it difficult to determine the issuer’s home member state (especially DAO issuers – see below) by reference to the usual indicators, such as the issuer’s registered office or the place where the securities will be admitted to trading on a regulated market.
    • Some tokens are issued by a new type of unincorporated business, known as a decentralized autonomous organization (or “DAO”). These organizations allow their members to participate in a collective venture subject to self-executing rules (akin to encoded articles of association). A DAO’s tokens grant ownership and voting rights, much like ordinary shares. However, a DAO does not appear to be a “legal entity”, and therefore it seems doubtful whether it can be classed as an “issuer” subject to EU securities regulation.
  • While securities regulators in the United States have been able to use the broad definition of “security” under the U.S. securities laws in combination with the judicial interpretation thereof under the Howey test to bring enforcement actions against ICOs (see our discussion here), it is not clear that EU legislation would allow the same approach to be taken in the EU. EU legislation is heavily influenced by the civil law tradition preponderant in Europe, meaning concepts are often drafted with more precision than in common law legal systems, and interpreted in a stricter, more literal manner. If ICOs cannot fit neatly within the existing framework, the European Court of Justice is unlikely to dabble in judicial law-making to make it fit, and would not allow national courts to do so either. Legislative action initiated by the European Commission appears more likely.

While applying existing EU legal concepts to ICOs is problematic in many cases, the key concept of “financial instruments” appears to be an exception. Tokens do not necessarily fall directly within one of the exhaustive categories of financial instruments.[ii] However, one category of financial instruments – “transferable securities” – is defined non-exhaustively by reference to “securities which are negotiable on the capital market”.[iii] This broad definition may catch some types of tokens issued in ICOs – in particular those which give rise to a debt claim (which will likely be debt securities) or those which represent a claim to property (which are likely to be units in collective investment undertakings) – without any special interpretation or regulatory action. This is crucial to the integrity of the EU securities market as key legal regimes such as the Market Abuse Regulation, MiFID II, the Prospectus Directive and sectoral sanctions apply only to instruments classified as transferable securities or financial instruments. This is of importance to both primary market participants (such as token issuers, which may need to publish a prospectus under the Prospectus Directive), but also secondary market participants (such as token exchanges, which may be providing “investment services”[iv] for which they require authorization under MiFID II).

In any case, ESMA is likely to provide a more detailed description of its stance on ICOs given that it has committed in its 2018 work programme to undertake “a thorough analysis […] to determine the regulatory scope and implications [of ICOs]”.

One regulator’s proactive approach

Unlike other EU regulators (discussed below), France’s Autorité des marchés financiers (“AMF”) has (among other options) proposed what, if passed into law, would be the first ICO regulations in the EU. In a consultation running from October to December 2017, the AMF sought views on three options for regulating ICOs:

  • Retain the status quo. Like other EU regulators, the AMF would seek to apply existing regulations to ICOs on a case-by-case basis. Such efforts would likely centre on qualifying issuers as “intermediaries in miscellaneous assets” under the French Monetary and Financial Code, which could entail an obligation on the issuer to maintain professional indemnity insurance, minimum guarantees with regard to integrity, qualifications, experience and organization and, most importantly, to prepare a disclosure document. The AMF has ruled out applying to tokens the French rules applicable to equity and debt securities, financial instruments, mini-bonds and crowdfunding.
  • Retain the status quo, but establish best practices. In this scenario, the case-by-case application of existing rules would be accompanied by the establishment of best practices that token issuers could voluntarily comply with in order to demonstrate the quality of their offering to investors. Such best practices might include obligations to publish a white paper with detailed disclosure on the project and the use of proceeds, properly identify the parties involved, hold funds in escrow pending closing and put in place safeguards against fraud.
  • Institute a tailored authorization regime. In this scenario, the AMF would put in place specific rules that token issuers would be required to comply with in order to receive AMF approval. One version of this proposal would see unapproved ICOs outlawed, while another version – receiving support from two thirds of respondents –would allow ICOs to proceed without AMF authorization, provided the absence of authorization is stated in a disclaimer.

The AMF’s consultation is explored in more detail here and here.

The response from other EU regulators

Most EU regulators have closely echoed ESMA’s message: existing rules may apply to ICOs, depending on the circumstances. There are, however, some jurisdiction-specific points to note:


The German financial regulator BaFin was one of the regulators which mirrored ESMA, publishing in November 2017 a warning to investors that the acquisition of tokens in an ICO may be high-risk. BaFin specifically addressed risks resulting from significant price fluctuations, the lack of a liquid secondary market, insufficient protection of personal data and the uncertainties around the applicable legal framework.

To date, Germany has not adopted regulations specifically applicable to cryptocurrencies. However, cryptocurrencies may be subject to existing statutes, such as the German Banking Act (Kreditwesengesetz), depending on their specific design and the type of activities performed in connection with them.

This approach was also confirmed in BaFin’s release of 20 February 2018, addressed to market participants performing financial services involving tokens. BaFin took the view that tokens may (depending on their terms) qualify as financial instruments within the meaning of MiFID II in the form of securities, investment fund units or other investment products. The qualification of tokens as securities, investment fund units or other investment products triggers significant disclosure and reporting obligations under the applicable laws. In particular, absent an exemption, the public offering of such instruments requires the publication of a prospectus. In addition, should tokens qualify as financial instruments, the provision of services involving tokens, as well as the proprietary trading of tokens on a regulated market, MTF or OTF[v] may result in a licensing requirement under the German Banking Act. Such licensing requirement may even be triggered if the tokens do not qualify as financial instruments under MiFID II, but as account units within the meaning of the German Banking Act, and would apply to the performance of certain regulated activities and the operation of a trading platform. Moreover, tokens or token-related activities may be subject to the German Insurance Supervision Act (Versicherungsaufsichtsgesetz), should the  tokens qualify as an insurance product. Similarly, tokens may fall under the Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz) if they qualify as e-money, which is currently not the case because they are not distributed by a central body comparable to the European Central Bank.

In sum, there is no defined body of German law applicable to cryptocurrencies in Germany, but rather, the applicable rules must be determined on a case-by-case analysis of the terms of the tokens concerned.


Italy’s Commissione Nazionale per le Società e la Borsa (“CONSOB”), is remarkable in that it is one of the only regulators in the EU not to have published a statement on ICOs. Unofficial statements by CONSOB representatives at the meetings of the “Italian Fintech Roundtable” (a quasi-official working group organized by the Italian Ministry of Economy and Finance and assembling, together with a number of fintech companies and advisors, representatives from the Bank of Italy and CONSOB) suggest, however, that, while the matter is closely monitored, the Italian regulator is waiting to see how the market develops before it makes a statement of its own.

CONSOB’s approach to cryptocurrencies may provide clues about how it will tackle tokens. In 2017, CONSOB suspended and/or prohibited several offerings to Italian residents of cryptocurrency-related investments (giving investors rights to receive returns on cryptocurrency trading and mining activities) on the grounds that such offerings involved “prodotti finanziari”,[vi] which require that public offerings of prodotti finanziari be accompanied by a prospectus approved by CONSOB prior to their launch or advertising. Under Italian law, the notion of prodotti finanziari captures any form of investment of a financial nature and is therefore broader than the concept of financial instruments. It will be interesting to see if CONSOB brings tokens within its regulatory scope by classifying them as prodotti finanziari.

United Kingdom.

The UK has its own securities law framework that sits alongside the rules mandated by the EU. Two key elements of this framework are the prohibitions on unauthorized persons:

  • carrying on “regulated activities”; and
  • engaging in financial promotions (i.e. communicating in the course of business an invitation or inducement to engage in an investment activity, such as exercising rights conferred by a “controlled investment”).

As a result, regulated activities and financial promotions relating to them are heavily restricted in the UK with respect to conventional securities. However, ICOs and the tokens issued in ICOs do not fall naturally within the “regulated activities” or “controlled investments” subject to restriction. As a result, ICOs are being endorsed by celebrities and marketed to the British public. Therefore, while the UK’s Financial Conduct Authority (“FCA”) in its consumer warning issued in September 2017 advocates for the case-by-case application of existing rules, investor protection concerns may lead it to lobby for the relevant legislation to be amended.

Recognizing this and other potential problems with applying existing EU and UK securities laws, in December 2017 the FCA published a follow-up statement stating that the FCA is seeking to “determine whether or not there is need for further regulatory action in this area [i.e. ICOs] beyond the consumer warning issued in September [2017]”.

The UK will leave the EU in 2019 and may not remain in regulatory alignment with the EU. This could lead to the development of UK-specific rules for ICOs, either as a result of new legislative action or the courts applying a common law approach to interpretation of existing rules inherited from the EU prior to Brexit.

A word on crowdfunding

Crowdfunding is the practice of funding a project or venture by raising money from a large number of people who each contribute a relatively small amount, typically via the internet.[vii] In many cases, ICOs fall within this definition. There is not yet any crowdfunding-specific regulation at the EU level. However, the European Commission has proposed a regulation on crowdfunding, and the FCA and some other EU regulators[viii] briefly mention in their statements on ICOs the potential for ICOs to fall under national rules or regulatory practice on crowdfunding. It is possible that ESMA and national regulators could seek to build upon their experience with crowdfunding to address the issues posed by ICOs. However, demonstrating the potential for divergent interpretations in the absence of EU guidance, the AMF has ruled out the possibility of applying crowdfunding rules to ICOs (see above).

* * *

Clearly, the regulatory sands in the EU are shifting. Yet, we are some way off “potato-parity”: until regulators in the EU start actively applying the existing rules to ICOs or successfully develop new rules, potato farmers will continue to gaze enviously at token issuers and their relatively unregulated ICOs.

[i] Defined in article 4(44) of Directive 2014/65/EU (“MiFID II”) as:

those classes of securities which are negotiable on the capital market, with the exception of instruments of payment, such as: (a) shares in companies and other securities equivalent to shares in companies, partnerships or other entities, and depositary receipts in respect of shares; (b) bonds or other forms of securitised debt, including depositary receipts in respect of such securities; (c) any other securities giving the right to acquire or sell any such transferable securities or giving rise to a cash settlement determined by reference to transferable securities, currencies, interest rates or yields, commodities or other indices or measures”.

[ii] Under MiFID II, these categories are:

(1) Transferable securities;

(2) Money-market instruments;

(3) Units in collective investment undertakings;

(4) Options, futures, swaps, forward rate agreements and any other derivative contracts relating to securities, currencies, interest rates or yields, emission allowances or other derivatives instruments, financial indices or financial measures which may be settled physically or in cash;

(5) Options, futures, swaps, forwards and any other derivative contracts relating to commodities that must be settled in cash or may be settled in cash at the option of one of the parties other than by reason of default or other termination event;

(6) Options, futures, swaps, and any other derivative contract relating to commodities that can be physically settled provided that they are traded on a regulated market, a MTF, or an OTF, except for wholesale energy products traded on an OTF that must be physically settled;

(7) Options, futures, swaps, forwards and any other derivative contracts relating to commodities, that can be physically settled not otherwise mentioned in point 6 of this Section and not being for commercial purposes, which have the characteristics of other derivative financial instruments;

(8) Derivative instruments for the transfer of credit risk;

(9) Financial contracts for differences;

(10) Options, futures, swaps, forward rate agreements and any other derivative contracts relating to climatic variables, freight rates or inflation rates or other official economic statistics that must be settled in cash or may be settled in cash at the option of one of the parties other than by reason of default or other termination event, as well as any other derivative contracts relating to assets, rights, obligations, indices and measures not otherwise mentioned in this Section, which have the characteristics of other derivative financial instruments, having regard to whether, inter alia, they are traded on a regulated market, OTF, or an MTF;

(11) Emission allowances consisting of any units recognised for compliance with the requirements of Directive 2003/87/EC (Emissions Trading Scheme).

[iii] While this notion is not defined, the European Commission considers that “it is a broad one and is meant to include all contexts where buying and selling interest in securities meet”. See the response to Q115 in the European Commission’s 2007 Q&A here.

[iv] Meaning under MiFID II (in each case with respect to financial instruments):

(1) Reception and transmission of orders in relation to one or more financial instruments;

(2) Execution of orders on behalf of clients;

(3) Dealing on own account;

(4) Portfolio management;

(5) Investment advice;

(6) Underwriting of financial instruments and/or placing of financial instruments on a firm commitment basis;

(7) Placing of financial instruments without a firm commitment basis;

(8) Operation of an MTF;

(9) Operation of an OTF.

[v] Multilateral Trading Facility or Organized Trading Facility

[vi] See CONSOB resolutions no. 19866 of 1 February 2017, no. 19968 of 20 April 2017, no. 20110 of 13 September 2017, no. 20207 of 6 December 2017 and no. 20241 of 20 December 2017.

[vii] As defined in the Oxford English Dictionary.

[viii] See the statements of the regulators in Austria, Belgium, Finland, Gibraltar and Lithuania. And yes, Gibraltar is part of the EU (for now).